5G network availablity and integrity threats major concern for EU

Network availability and integrity threats, flawed software and reliance on suppliers are among the key 5G security challenges facing the European Union (EU), according to a recent report.

The report highlights the main security threats, threat actors and vulnerabilities identified in a coordinated risk assessment by EU member states and provides a basis for national and EU-level control measures.

According to the report, major software security flaws — such as those deriving from poor software development processes within suppliers — could make it easier for threat actors to maliciously insert backdoors into products and make them harder to detect.

Additionally, 5G technologies, such as those used in software-defined networking and network functions virtualisation, could carry new types of technical vulnerabilities, with EU members concerned that improper management of software that allows public authorities to lawfully access networks could allow misuse for malicious actions.

Mobile network operators’ reliance on suppliers could also increase the number of attack paths for threat actors and the potential severity of attacks’ impacts, the report said. Among potential actors, non-EU state or state-backed actors were considered most serious and the most likely to target 5G networks.

With suppliers facilitating increased attack exposure, EU members believe suppliers’ risk profiles will become more important — particularly regarding a supplier’s likelihood of suffering interference from a non-EU country.

Major dependencies on a single supplier — especially those presenting a higher degree of risk — are a serious concern for the EU, since there’s greater potential for supply interruption. These dependencies also heighten the possible impact of the network’s weaknesses and vulnerabilities and their potential for exploitation by threat actors.

Finally, threats to network availability and integrity will become major security concerns as 5G becomes the backbone of societies and economies and supports critical IT applications in energy, health, transport and banking as well as industrial control systems and safety systems, according to EU members.

These challenges make it necessary for EU members to reassess current policy and security frameworks applicable to the sector and take steps to mitigate risk, the report said.

Member states will now work on a set of preventive measures — a ‘toolbox’ — for mitigating cybersecurity risks, with the help of the European Commission and European Agency for Cybersecurity. The toolbox is expected to be ready by 31 December 2019.

Image credit: ©stock.adobe.com/au/view7